White Paper: Email - Beneficial or Dangerous?
Many of the risks posed by e-mail are quite obvious to the user: there can be very few users unaware of the risks of 'phishing', and there always seem to be news articles about celebrities who have had their e-mail accounts 'hacked'. There are, however, a number of risks that are not so apparent: e-mails can be intercepted or even 'spoofed'. In fact, in many mail clients it is trivial to make it look as though an e-mail has originated from another person's e-mail account. Whilst the more savvy users may check the original headers, many users would not think to do this, let alone know how to view them. (In fact, the more recent versions of Outlook don't allow you to do so.)
So why would someone 'spoof' an e-mail from you? Aside from phishing, there are many other benefits: I could, for example, pretend to be one of your old friends in order to get your home address, or a prospective employer in order to get your social security or National Insurance number. Such an attack could be put to many other uses; however, the actual likelihood of such an attack is reasonably small, as most e-mail attacks are generally sent out 'en masse'.
How many times have you signed up to something on the net, only to be asked to re-confirm some security details by e-mail? Did you send the details back? Most people would, but that e-mail could have been intercepted somewhere along the journey. Unlike details sent through the post, e-mails can be read and copied without leaving a trace of evidence. If you are planning to send personal details via e-mail, make sure you encrypt them first. If the recipient doesn't have the means to provide you with an encryption key, ask them if you can provide the details in a different format (phone, mail etc.).
How many times have you opened your inbox only to see an e-mail with the subject "Fw: Fw: Fw: Fw: Fw: Look at this!!!"? Chain mail is an unavoidable security risk. You may opt not to forward it on, but it's too late. Your e-mail address has likely already been sent to other people without your consent (unless the "blind carbon copy" field was used, you can see everyone to whom the mail was sent, and if this is then forwarded, the e-mail addresses usually appear as part of the forwarded message). If at some point someone receives that chain mail and decides to sell all the addresses to spammers, your address will be on that list. It increases the likelihood of you receiving spam, phishing e-mails and all manner of rubbish. Sadly, in my experience, asking your friends not to send you chain mail is futile; it just keeps coming through. If you are going to send mail like that, try putting the list of names in the blind carbon copy (BCC:) box: it means that the list of e-mail addresses is private, and protects your contacts.
Other risks presented by e-mail vary, but if your e-mail inbox contains personal information, you should be very aware that this is potentially available to anyone with a mind to access it. Is your password security strong? Does your e-mail provider patch regularly, and do they test those patches before employing them? A security breach may not necessarily be any fault of your own, but the risk remains yours.
If you use 'Webmail', can you be sure that your e-mail is not being read by someone else? A so-called "man-in-the-middle" attack is where a system puts itself between your computer and another system, meaning that anything you access on the network will pass through this system and potentially be logged and analysed. A good example of this attack vector can be found by searching for details of Phorm and BTWebwise on the Internet. Although the companies involved claim the system is legal, the methods employed are very similar to those used by black hats (another term for unethical hackers, i.e. those who use methods similar to this for financial or other gains).
These are some of the potential dangers of using e-mail, but surely it does have some benefits? Let's take a look at some of these:
E-mail is (almost) instant: whereas traditional post takes quite some time, e-mail usually arrives within minutes. This can be beneficial when you need a quick response but a phone call would be far too expensive.
You can ask for a read-receipt and a delivery-receipt to verify that the e-mail has indeed been received and read. However, this is not guaranteed: systems can be configured not to provide delivery receipts, and most e-mail clients will allow the user not to send a read-receipt. So whilst the means is there to prove receipt of a communication, there are ways to work around it.
With the use of cryptographic signing you can prove that the e-mail came from you. This reduces the effectiveness of 'spoofing' and also means that no-one can pretend to be you. However, implementing cryptographic signing does require some end-user training, especially in ensuring that people observe proper security protocols.
E-mail is generally quite convenient, but it does have a variety of problems. Many companies and courts will not recognise forms or contracts made over e-mail simply because it would be too easy to fake. Users are at risk when using e-mail, especially those who seem to, inexplicably, lack common sense. Users should be taught not to open unusual e-mails, but in many cases explaining to them that just by opening it they could infect their computer is simply not enough. Many users simply lack the technical knowledge to identify even the most basic risks, and many believe that by placing details in a password-protected document they have secured those details.
There is without a doubt an inherent responsibility in having a system connected to any network, and many of the users simply do not measure up, so it is the responsibility of those who do understand to educate them. This article has detailed a few of the risks posed by e-mail (including the wane in correct grammar and spelling), but there are many, many more. E-mail is a useful commodity, but it does carry some severe risks if not managed and implemented correctly.
Many users would claim that they could not live without e-mail, but interestingly we recently had an issue with our e-mail server. In evaluating whether to remove e-mail rather than invest time and resources in repairing the system, we reached the conclusion that one user required e-mail. Everyone else could function without it if they needed to. We would have been highly unpopular if we had not decided to repair the system for the sake of the one, but it did highlight how little need there actually is for e-mail.
I hope this article has opened your eyes to some of the risks and benefits of e-mail. The benefits vary between users, but it would appear that e-mail is quite often a luxury. It is certainly taken for granted, and a lack of technical knowledge on the subject can often lead to dangerous repercussions.